ironic_inspector: ironic: Fix 'auth_type' when 'auth_strategy' is used

We should override the 'auth_type' to 'none' when using the old way of setting up authentication with 'auth_strategy' so we can override the default 'auth_type' value before getting the session information. This fixes the following issue Unhandled error: MissingRequiredOptions: Auth plugin requires parameters which were not given: auth_url This also adds a new testcase to test the strategy='noauth' scenario. Closes-Bug: #1748263 Change-Id: I875e2b17f5c6829ad81f86c32959cb106bf57e53
2018-02-08 14:03:13 +00:00 · 2018-02-08 14:03:13 +00:00 · fbeb0783e4
commit fbeb0783e4
parent 76978212ea
3 changed files with 43 additions and 20 deletions
--- a/ironic_inspector/common/ironic.py
+++ b/ironic_inspector/common/ironic.py
@ -83,6 +83,14 @@ def get_client(token=None,
               api_version=DEFAULT_IRONIC_API_VERSION):  # pragma: no cover
    """Get Ironic client instance."""
    global IRONIC_SESSION
+
+    # NOTE: To support standalone ironic without keystone
+    # TODO(pas-ha) remove handling of deprecated opts in Rocky
+    # TODO(pas-ha) rewrite when ironicclient natively supports 'none' auth
+    # via sessions https://review.openstack.org/#/c/359061/
+    if CONF.ironic.auth_strategy == 'noauth':
+        CONF.set_override('auth_type', 'none', group='ironic')
+
    if not IRONIC_SESSION:
        IRONIC_SESSION = keystone.get_session('ironic')

@ -93,14 +101,8 @@ def get_client(token=None,

    adapter_opts = dict()

-    # NOTE: To support standalone ironic without keystone
-    # TODO(pas-ha) remove handling of deprecated opts in Rocky
-    # TODO(pas-ha) rewrite when ironicclient natively supports 'none' auth
-    # via sessions https://review.openstack.org/#/c/359061/
-    if CONF.ironic.auth_strategy == 'noauth':
-        CONF.set_override('auth_type', 'none', group='ironic')
-    else:
-        # TODO(pas-ha) use service auth with incoming token
+    # TODO(pas-ha) use service auth with incoming token
+    if CONF.ironic.auth_type != 'none':
        if token is None:
            args['session'] = IRONIC_SESSION
        else:
--- a/ironic_inspector/test/unit/test_common_ironic.py
+++ b/ironic_inspector/test/unit/test_common_ironic.py
@ -27,18 +27,7 @@ from ironic_inspector import utils
 CONF = cfg.CONF


-@mock.patch.object(keystone, 'get_adapter')
-@mock.patch.object(keystone, 'register_auth_opts')
-@mock.patch.object(keystone, 'get_session')
-@mock.patch.object(client, 'Client')
-class TestGetClient(base.BaseTest):
-    def setUp(self):
-        super(TestGetClient, self).setUp()
-        ir_utils.reset_ironic_session()
-        self.cfg.config(auth_strategy='keystone')
-        self.cfg.config(os_region='somewhere', group='ironic')
-        self.addCleanup(ir_utils.reset_ironic_session)
-
+class TestGetClientBase(object):
    def test_get_client_with_auth_token(self, mock_client, mock_load,
                                        mock_opts, mock_adapter):
        fake_token = 'token'
@ -70,6 +59,32 @@ class TestGetClient(base.BaseTest):
        mock_client.assert_called_once_with(1, fake_ironic_url, **args)


+@mock.patch.object(keystone, 'get_adapter')
+@mock.patch.object(keystone, 'register_auth_opts')
+@mock.patch.object(keystone, 'get_session')
+@mock.patch.object(client, 'Client')
+class TestGetClientAuth(TestGetClientBase, base.BaseTest):
+    def setUp(self):
+        super(TestGetClientAuth, self).setUp()
+        ir_utils.reset_ironic_session()
+        self.cfg.config(auth_strategy='keystone')
+        self.cfg.config(os_region='somewhere', group='ironic')
+        self.addCleanup(ir_utils.reset_ironic_session)
+
+
+@mock.patch.object(keystone, 'get_adapter')
+@mock.patch.object(keystone, 'register_auth_opts')
+@mock.patch.object(keystone, 'get_session')
+@mock.patch.object(client, 'Client')
+class TestGetClientNoAuth(TestGetClientBase, base.BaseTest):
+    def setUp(self):
+        super(TestGetClientNoAuth, self).setUp()
+        ir_utils.reset_ironic_session()
+        self.cfg.config(auth_strategy='noauth')
+        self.cfg.config(os_region='somewhere', group='ironic')
+        self.addCleanup(ir_utils.reset_ironic_session)
+
+
 class TestGetIpmiAddress(base.BaseTest):
    def test_ipv4_in_resolves(self):
        node = mock.Mock(spec=['driver_info', 'uuid'],
--- a/releasenotes/notes/keystone-noauth-9ba5ad9884c6273c.yaml
+++ b/releasenotes/notes/keystone-noauth-9ba5ad9884c6273c.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Ironic introspection no longer tries to access the Identity service if the
+    ``auth_strategy`` option is set to ``noauth`` and the ``auth_type`` option
+    is not set to ``none``.